CVE-2025-30131 – IROAD Dashcam FX2 Unauthenticated File Upload Command Execution

CVE ID : CVE-2025-30131

Published : June 26, 2025, 5:15 p.m. | 43 minutes ago

Description : An issue was discovered on IROAD Dashcam FX2 devices. An unauthenticated file upload endpoint can be leveraged to execute arbitrary commands by uploading a CGI-based webshell. Once a file is uploaded, the attacker can execute commands with root privileges, gaining full control over the dashcam. Additionally, by uploading a netcat (nc) binary, the attacker can establish a reverse shell, maintaining persistent remote and privileged access to the device. This allows complete device takeover.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…